惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

IT之家
IT之家
NISL@THU
NISL@THU
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Tenable Blog
Forbes - Security
Forbes - Security
V2EX - 技术
V2EX - 技术
Webroot Blog
Webroot Blog
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
T
Tor Project blog
C
Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
The Last Watchdog
The Last Watchdog
PCI Perspectives
PCI Perspectives
O
OpenAI News
C
Cyber Attacks, Cyber Crime and Cyber Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
宝玉的分享
宝玉的分享
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
量子位
D
Docker
AI
AI
Blog — PlanetScale
Blog — PlanetScale
S
Security @ Cisco Blogs
S
Schneier on Security
The GitHub Blog
The GitHub Blog
W
WeLiveSecurity
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
P
Privacy International News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
C
Check Point Blog
A
About on SuperTechFans
D
Darknet – Hacking Tools, Hacker News & Cyber Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Engineering at Meta
Engineering at Meta
I
InfoQ
T
Threat Research - Cisco Blogs
Project Zero
Project Zero
Cloudbric
Cloudbric
MongoDB | Blog
MongoDB | Blog
Cisco Talos Blog
Cisco Talos Blog
L
Lohrmann on Cybersecurity
S
Securelist

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government
CDM Dashboards Empower Threat Hunting, Require Smarter Approach to Data
John Harmon · 2021-08-03 · via MeriTalk

As we have seen with recent security breaches – including the SolarWinds attack – it can be challenging for Federal security leaders to effectively detect cyber threats across their networks. In the last few decades, private sector organizations have established tools to help monitor for malicious activity, but until recently, the Federal government hasn’t had one centralized method.

The Continuous Diagnostics and Mitigation (CDM) program standardizes how civilian agencies monitor their networks for cyber threats while improving their cybersecurity posture. The program operates under the direction of the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).

Through this centralized strategy, the CDM dashboard empowers an ideal threat hunting environment for cybersecurity professionals to identify threats before they strike. DHS is leading the way in exploring advanced endpoint detection and response technologies available to the agency personnel that need them.

The May 12 release of the Executive Order on Improving the Nation’s Cybersecurity greatly accelerated these efforts. The Order requires agencies to deploy an Endpoint Detection and Response (EDR) capability. CISA is tasked with prescribing an EDR deployment initiative to support host-level visibility, attribution, and response regarding Federal Civilian Executive Branch (FCEB) Information Systems at scale. The Order also mandates the authorization of much-anticipated changes to the agreements between FCEB agencies and DHS, which now requires agencies to share detailed information about their systems through the CDM program.

For the first time, the CDM program now has both the technical ability to hunt for threats at scale, and policy authorizing it to do so. Here’s how Federal cyber professionals can leverage these updates and make the most out of the CDM program:

Standardization Makes it Possible to Hunt at Scale

Until now, the lack of normalized data formats has contributed to poor data quality and made it challenging to identify potential vulnerabilities at scale. Open technology tools and common schema specifications hold the power to unlock previously disparate data.

The CDM dashboard maximizes common schema tools, and the increased support for the dashboard means data from various sources, locations, and formats can be more quickly synced and analyzed.

Under the Chief Financial Officers (CFO) Act, there are 23 agency-specific dashboards that feed into the wide-spanning Federal CDM dashboard, as well as data from more than 70 non-CFO Act agencies. As even more agencies adopt the centralized CDM dashboard, the amount of valuable intelligence will continue to grow, delivering the comprehensive government-wide threat visibility required to combat increasingly sophisticated cybercriminals.

Finding Hidden Threats Quickly Depends on Data

Successful threat hunting begins with having the right data to answer the right questions at the right time. Without that data, there is no hunt. Why? Because dwell time – the time between when a compromise first occurs and when it is detected – is on the rise.

Sophisticated state-sponsored threat actors can remain undetected for months; foreign adversaries’ average dwell time is 10-plus days, and in the SolarWinds case we saw dwell times of 300-plus days. The only way to accurately analyze these long dwell times is to retain telemetry for longer periods of time so that historical analysis can be performed.

Data consolidation opens up more insights that can be gathered quickly and cost effectively. While this is good for threat hunters – the more data you have, the more effective your threat hunting process will be – it can easily overwhelm agency systems with its sheer volume and velocity. Further, some degree of data normalization is necessary to enable automated detection at scale, and to help analysts find what they’re looking for. The CDM dashboard provides a model for government-wide data normalization, and helps search through mountains of data – fast. And more data means determining where a breach occurred, what it impacted, and how it might be related to other events.

From Reactive to Proactive Cybersecurity

Agencies need an offensive mindset in today’s security environment and must always assume they’re at risk of being compromised. It’s in this zero-trust world where threat hunters can play a critical role. They understand where and how to look for security threats and can analyze the trends the CDM dashboard generates. Threat hunters are prepared to “fight the network” to eradicate adversaries from within ever-expanding agency perimeters.

It’s not a matter of if, but when, the next cyberattack occurs. When we started writing this article, the Microsoft Exchange breach “Hafnium” was discovered; by the time this article is published, the next big breach – or several big breaches – will have already taken place.

With a more unified approach to how we consume, manage, and analyze data, the nation’s defenders can stop observing the problem and start playing offense, making CDM’s government-wide vision of proactive security a reality of our cyber defense.

The effort has gained significant support from policymakers as well. This year, the National Defense Authorization Act (NDAA) gives CISA the ability to collect data from Federal agency networks and proactively hunt for vulnerabilities without notifying the individual agencies. The Executive Order on Improving the Nation’s Cybersecurity contains dozens of new and enhanced provisions which provide CISA with the authority to make a significant impact. In order to maintain transparency across government, DHS will be required to report the findings of this proactive threat hunting to Congress. With the CDM dashboard, this information is easily shareable, but adhering to the NDAA while continuing to increase threat hunting efforts requires agencies to change the way data is stored, accessed, and analyzed.

In its continuous evolution, more features will be added to the CDM dashboard during the government’s next fiscal year, and updated capabilities are already being piloted at a handful of smaller agencies to measure potential impact. These enhancements include a CDM-enabled Threat Hunting capability, which pulls EDR and log data into the agency dashboard, and enables query across agencies from the Federal dashboard. Generating deeper insights from across the government to alert threat hunters is a giant step forward, and the CDM dashboards can enable this – identifying threats in time to make a difference.